Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 4b2f0c44da4933b1fe584078548c17e664a734d6 ("mm/page_alloc: Avoid conflating IRQs disabled with zone->lock")
https://git.kernel.org/cgit/linux/kernel/git/mel/linux.git mm-percpu-local_lock-v3r6

in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with the following parameters:

	number: 99999
	group: group-04

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to attached dmesg/kmsg for entire log/backtrace):

+--------------------------------------------------------------------------+------------+------------+
|                                                                          | 58ec39d670 | 4b2f0c44da |
+--------------------------------------------------------------------------+------------+------------+
| BUG:sleeping_function_called_from_invalid_context_at_arch/x86/mm/fault.c | 0          | 8          |
| RIP:free_unref_page_commit                                               | 0          | 10         |
| BUG:unable_to_handle_page_fault_for_address                              | 0          | 10         |
| Oops:#[##]                                                               | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception                                 | 0          | 9          |
+--------------------------------------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[ 237.611141] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1348
[ 237.613492] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 5946, name: trinity-c4
[ 237.615682] CPU: 1 PID: 5946 Comm: trinity-c4 Not tainted 5.12.0-rc7-00028-g4b2f0c44da49 #1
[ 237.617976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 237.620155] Call Trace:
[ 237.620982] dump_stack (kbuild/src/consumer/lib/dump_stack.c:122)
[ 237.621954] ___might_sleep (kbuild/src/consumer/kernel/sched/core.c:8329 kbuild/src/consumer/kernel/sched/core.c:8286)
[ 237.623115] do_user_addr_fault
(kbuild/src/consumer/arch/x86/mm/fault.c:1348) [ 237.624312] exc_page_fault (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:40 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:75 kbuild/src/consumer/arch/x86/mm/fault.c:1483 kbuild/src/consumer/arch/x86/mm/fault.c:1531) [ 237.627578] asm_exc_page_fault (kbuild/src/consumer/arch/x86/include/asm/idtentry.h:577) [ 237.628761] RIP: free_unref_page_commit+0x3c/0x6c [ 237.630359] Code: 89 c7 65 48 ff 05 09 74 e6 7e 4c 8b 40 60 65 4c 03 05 0d 0d e5 7e 48 63 d3 48 8d 45 08 48 ff c2 48 c1 e2 04 4c 01 c2 48 8b 0a <48> 89 41 08 48 89 4d 08 48 89 55 10 48 89 02 41 8b 00 41 8b 50 04 All code ======== 0: 89 c7 mov %eax,%edi 2: 65 48 ff 05 09 74 e6 incq %gs:0x7ee67409(%rip) # 0x7ee67413 9: 7e a: 4c 8b 40 60 mov 0x60(%rax),%r8 e: 65 4c 03 05 0d 0d e5 add %gs:0x7ee50d0d(%rip),%r8 # 0x7ee50d23 15: 7e 16: 48 63 d3 movslq %ebx,%rdx 19: 48 8d 45 08 lea 0x8(%rbp),%rax 1d: 48 ff c2 inc %rdx 20: 48 c1 e2 04 shl $0x4,%rdx 24: 4c 01 c2 add %r8,%rdx 27: 48 8b 0a mov (%rdx),%rcx 2a:* 48 89 41 08 mov %rax,0x8(%rcx) <-- trapping instruction 2e: 48 89 4d 08 mov %rcx,0x8(%rbp) 32: 48 89 55 10 mov %rdx,0x10(%rbp) 36: 48 89 02 mov %rax,(%rdx) 39: 41 8b 00 mov (%r8),%eax 3c: 41 8b 50 04 mov 0x4(%r8),%edx Code starting with the faulting instruction =========================================== 0: 48 89 41 08 mov %rax,0x8(%rcx) 4: 48 89 4d 08 mov %rcx,0x8(%rbp) 8: 48 89 55 10 mov %rdx,0x10(%rbp) c: 48 89 02 mov %rax,(%rdx) f: 41 8b 00 mov (%r8),%eax 12: 41 8b 50 04 mov 0x4(%r8),%edx [ 237.635110] RSP: 0000:ffffc90000507cd0 EFLAGS: 00010086 [ 237.636555] RAX: ffffea00041a7188 RBX: 0000000000000004 RCX: 0000001b00ec0000 [ 237.638384] RDX: ffff88842fd2efe8 RSI: 0000000000000004 RDI: ffff88843fff0c80 [ 237.640294] RBP: ffffea00041a7180 R08: ffff88842fd2ef98 R09: 00000000002fcdc9 [ 237.642217] R10: 0000000000008792 R11: 0000000000008792 R12: ffffea00041a7140 [ 237.644081] R13: 0000000000000001 R14: 00000000000280e8 R15: ffffea00041a7180 [ 237.645981] 
free_unref_page_list (kbuild/src/consumer/mm/page_alloc.c:3333) [ 237.647211] release_pages (kbuild/src/consumer/mm/swap.c:924) [ 237.648332] tlb_flush_mmu (kbuild/src/consumer/mm/mmu_gather.c:50 kbuild/src/consumer/mm/mmu_gather.c:242 kbuild/src/consumer/mm/mmu_gather.c:249) [ 237.649411] tlb_finish_mmu (kbuild/src/consumer/mm/mmu_gather.c:59 kbuild/src/consumer/mm/mmu_gather.c:334) [ 237.650483] unmap_region (kbuild/src/consumer/mm/mmap.c:2678 (discriminator 8)) [ 237.651529] __do_munmap (kbuild/src/consumer/include/linux/mm.h:1956 kbuild/src/consumer/mm/mmap.c:2646 kbuild/src/consumer/mm/mmap.c:2909) [ 237.652593] __do_sys_brk (kbuild/src/consumer/mm/mmap.c:252) [ 237.653662] do_int80_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:77 kbuild/src/consumer/arch/x86/entry/common.c:94) [ 237.654857] entry_INT80_compat (kbuild/src/consumer/arch/x86/entry/entry_64_compat.S:414) [ 237.656022] RIP: 0023:0xf7efca02 [ 237.657061] Code: 95 01 00 05 25 36 02 00 83 ec 14 8d 80 e8 99 ff ff 50 6a 02 e8 1f ff 00 00 c7 04 24 7f 00 00 00 e8 7e 87 01 00 66 90 90 cd 80 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 1c 24 c3 8d b6 00 00 All code ======== 0: 95 xchg %eax,%ebp 1: 01 00 add %eax,(%rax) 3: 05 25 36 02 00 add $0x23625,%eax 8: 83 ec 14 sub $0x14,%esp b: 8d 80 e8 99 ff ff lea -0x6618(%rax),%eax 11: 50 push %rax 12: 6a 02 pushq $0x2 14: e8 1f ff 00 00 callq 0xff38 19: c7 04 24 7f 00 00 00 movl $0x7f,(%rsp) 20: e8 7e 87 01 00 callq 0x187a3 25: 66 90 xchg %ax,%ax 27: 90 nop 28: cd 80 int $0x80 2a:* c3 retq <-- trapping instruction 2b: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi 31: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi 38: 8b 1c 24 mov (%rsp),%ebx 3b: c3 retq 3c: 8d .byte 0x8d 3d: b6 00 mov $0x0,%dh ... 
Code starting with the faulting instruction =========================================== 0: c3 retq 1: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi 7: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi e: 8b 1c 24 mov (%rsp),%ebx 11: c3 retq 12: 8d .byte 0x8d 13: b6 00 mov $0x0,%dh ... [ 237.661863] RSP: 002b:00000000fffae5f4 EFLAGS: 00000296 ORIG_RAX: 000000000000002d [ 237.663923] RAX: ffffffffffffffda RBX: 0000000057187000 RCX: 00000000f7ee9bcc [ 237.665804] RDX: 00000000f7ee9000 RSI: 00000000571ae000 RDI: 0000000057187000 [ 237.667670] RBP: 00000000f7eeadcc R08: 0000000000000000 R09: 0000000000000000 [ 237.669542] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 237.671410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 237.673286] BUG: unable to handle page fault for address: 0000001b00ec0008 [ 237.675112] #PF: supervisor write access in kernel mode [ 237.676573] #PF: error_code(0x0002) - not-present page [ 237.678000] PGD 80000001eb622067 P4D 80000001eb622067 PUD 0 [ 237.679544] Oops: 0002 [#1] SMP PTI [ 237.680549] CPU: 1 PID: 5946 Comm: trinity-c4 Tainted: G W 5.12.0-rc7-00028-g4b2f0c44da49 #1 [ 237.683105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 237.685144] RIP: free_unref_page_commit+0x3c/0x6c [ 237.686709] Code: 89 c7 65 48 ff 05 09 74 e6 7e 4c 8b 40 60 65 4c 03 05 0d 0d e5 7e 48 63 d3 48 8d 45 08 48 ff c2 48 c1 e2 04 4c 01 c2 48 8b 0a <48> 89 41 08 48 89 4d 08 48 89 55 10 48 89 02 41 8b 00 41 8b 50 04 All code ======== 0: 89 c7 mov %eax,%edi 2: 65 48 ff 05 09 74 e6 incq %gs:0x7ee67409(%rip) # 0x7ee67413 9: 7e a: 4c 8b 40 60 mov 0x60(%rax),%r8 e: 65 4c 03 05 0d 0d e5 add %gs:0x7ee50d0d(%rip),%r8 # 0x7ee50d23 15: 7e 16: 48 63 d3 movslq %ebx,%rdx 19: 48 8d 45 08 lea 0x8(%rbp),%rax 1d: 48 ff c2 inc %rdx 20: 48 c1 e2 04 shl $0x4,%rdx 24: 4c 01 c2 add %r8,%rdx 27: 48 8b 0a mov (%rdx),%rcx 2a:* 48 89 41 08 mov %rax,0x8(%rcx) <-- trapping instruction 2e: 48 89 4d 08 mov %rcx,0x8(%rbp) 32: 48 
89 55 10 mov %rdx,0x10(%rbp) 36: 48 89 02 mov %rax,(%rdx) 39: 41 8b 00 mov (%r8),%eax 3c: 41 8b 50 04 mov 0x4(%r8),%edx Code starting with the faulting instruction =========================================== 0: 48 89 41 08 mov %rax,0x8(%rcx) 4: 48 89 4d 08 mov %rcx,0x8(%rbp) 8: 48 89 55 10 mov %rdx,0x10(%rbp) c: 48 89 02 mov %rax,(%rdx) f: 41 8b 00 mov (%r8),%eax 12: 41 8b 50 04 mov 0x4(%r8),%edx [ 237.691378] RSP: 0000:ffffc90000507cd0 EFLAGS: 00010086 [ 237.692798] RAX: ffffea00041a7188 RBX: 0000000000000004 RCX: 0000001b00ec0000 [ 237.694302] RDX: ffff88842fd2efe8 RSI: 0000000000000004 RDI: ffff88843fff0c80 [ 237.695910] RBP: ffffea00041a7180 R08: ffff88842fd2ef98 R09: 00000000002fcdc9 [ 237.697673] R10: 0000000000008792 R11: 0000000000008792 R12: ffffea00041a7140 [ 237.699546] R13: 0000000000000001 R14: 00000000000280e8 R15: ffffea00041a7180 [ 237.701327] FS: 0000000000000000(0000) GS:ffff88842fd00000(0063) knlGS:00000000f7ef7840 [ 237.703325] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 237.704709] CR2: 0000001b00ec0008 CR3: 0000000141d48000 CR4: 00000000000406e0 [ 237.706323] Call Trace: [ 237.706973] free_unref_page_list (kbuild/src/consumer/mm/page_alloc.c:3333) [ 237.707981] release_pages (kbuild/src/consumer/mm/swap.c:924) [ 237.708899] tlb_flush_mmu (kbuild/src/consumer/mm/mmu_gather.c:50 kbuild/src/consumer/mm/mmu_gather.c:242 kbuild/src/consumer/mm/mmu_gather.c:249) [ 237.709760] tlb_finish_mmu (kbuild/src/consumer/mm/mmu_gather.c:59 kbuild/src/consumer/mm/mmu_gather.c:334) [ 237.710743] unmap_region (kbuild/src/consumer/mm/mmap.c:2678 (discriminator 8)) [ 237.711741] __do_munmap (kbuild/src/consumer/include/linux/mm.h:1956 kbuild/src/consumer/mm/mmap.c:2646 kbuild/src/consumer/mm/mmap.c:2909) [ 237.712807] __do_sys_brk (kbuild/src/consumer/mm/mmap.c:252) [ 237.713901] do_int80_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:77 kbuild/src/consumer/arch/x86/entry/common.c:94) [ 237.715102] entry_INT80_compat 
(kbuild/src/consumer/arch/x86/entry/entry_64_compat.S:414) [ 237.716275] RIP: 0023:0xf7efca02 [ 237.717234] Code: 95 01 00 05 25 36 02 00 83 ec 14 8d 80 e8 99 ff ff 50 6a 02 e8 1f ff 00 00 c7 04 24 7f 00 00 00 e8 7e 87 01 00 66 90 90 cd 80 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 1c 24 c3 8d b6 00 00 All code ======== 0: 95 xchg %eax,%ebp 1: 01 00 add %eax,(%rax) 3: 05 25 36 02 00 add $0x23625,%eax 8: 83 ec 14 sub $0x14,%esp b: 8d 80 e8 99 ff ff lea -0x6618(%rax),%eax 11: 50 push %rax 12: 6a 02 pushq $0x2 14: e8 1f ff 00 00 callq 0xff38 19: c7 04 24 7f 00 00 00 movl $0x7f,(%rsp) 20: e8 7e 87 01 00 callq 0x187a3 25: 66 90 xchg %ax,%ax 27: 90 nop 28: cd 80 int $0x80 2a:* c3 retq <-- trapping instruction 2b: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi 31: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi 38: 8b 1c 24 mov (%rsp),%ebx 3b: c3 retq 3c: 8d .byte 0x8d 3d: b6 00 mov $0x0,%dh ... Code starting with the faulting instruction =========================================== 0: c3 retq 1: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi 7: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi e: 8b 1c 24 mov (%rsp),%ebx 11: c3 retq 12: 8d .byte 0x8d 13: b6 00 mov $0x0,%dh ... 
[ 237.722058] RSP: 002b:00000000fffae5f4 EFLAGS: 00000296 ORIG_RAX: 000000000000002d
[ 237.724151] RAX: ffffffffffffffda RBX: 0000000057187000 RCX: 00000000f7ee9bcc
[ 237.725958] RDX: 00000000f7ee9000 RSI: 00000000571ae000 RDI: 0000000057187000
[ 237.727622] RBP: 00000000f7eeadcc R08: 0000000000000000 R09: 0000000000000000
[ 237.729452] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 237.731296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 237.733179] Modules linked in: can_bcm can_raw can cn scsi_transport_iscsi sr_mod cdrom sg ata_generic
[ 237.735660] CR2: 0000001b00ec0008
[ 237.736662] ---[ end trace cce1e8c98da238bd ]---
[ 237.737946] RIP: free_unref_page_commit+0x3c/0x6c
[ 237.739507] Code: 89 c7 65 48 ff 05 09 74 e6 7e 4c 8b 40 60 65 4c 03 05 0d 0d e5 7e 48 63 d3 48 8d 45 08 48 ff c2 48 c1 e2 04 4c 01 c2 48 8b 0a <48> 89 41 08 48 89 4d 08 48 89 55 10 48 89 02 41 8b 00 41 8b 50 04
All code
========
   0:   89 c7                   mov    %eax,%edi
   2:   65 48 ff 05 09 74 e6    incq   %gs:0x7ee67409(%rip)        # 0x7ee67413
   9:   7e
   a:   4c 8b 40 60             mov    0x60(%rax),%r8
   e:   65 4c 03 05 0d 0d e5    add    %gs:0x7ee50d0d(%rip),%r8        # 0x7ee50d23
  15:   7e
  16:   48 63 d3                movslq %ebx,%rdx
  19:   48 8d 45 08             lea    0x8(%rbp),%rax
  1d:   48 ff c2                inc    %rdx
  20:   48 c1 e2 04             shl    $0x4,%rdx
  24:   4c 01 c2                add    %r8,%rdx
  27:   48 8b 0a                mov    (%rdx),%rcx
  2a:*  48 89 41 08             mov    %rax,0x8(%rcx)        <-- trapping instruction
  2e:   48 89 4d 08             mov    %rcx,0x8(%rbp)
  32:   48 89 55 10             mov    %rdx,0x10(%rbp)
  36:   48 89 02                mov    %rax,(%rdx)
  39:   41 8b 00                mov    (%r8),%eax
  3c:   41 8b 50 04             mov    0x4(%r8),%edx

Code starting with the faulting instruction
===========================================
   0:   48 89 41 08             mov    %rax,0x8(%rcx)
   4:   48 89 4d 08             mov    %rcx,0x8(%rbp)
   8:   48 89 55 10             mov    %rdx,0x10(%rbp)
   c:   48 89 02                mov    %rax,(%rdx)
   f:   41 8b 00                mov    (%r8),%eax
  12:   41 8b 50 04             mov    0x4(%r8),%edx

To reproduce:

        # build kernel
        cd linux
        cp config-5.12.0-rc7-00028-g4b2f0c44da49 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp(a)lists.01.org       Intel Corporation

Thanks,
Oliver Sang